Simple Authentication and Security Layer (sasl) ----------------------------------------------- Charter Last Modified: 2006-08-16 Current Status: Active Working Group Chair(s): Kurt Zeilenga Tom Yu Security Area Director(s): Tim Polk Sam Hartman Security Area Advisor: Sam Hartman Mailing Lists: General Discussion:ietf-sasl@imc.org To Subscribe: ietf-sasl-request@imc.org In Body: subscribe Archive: http://www.imc.org/ietf-sasl/mail-archive/ Description of Working Group: This working group focuses on the application of the Session Initiation Protocol (SIP, RFC 3261) to the suite of services collectively known as instant messaging and presence (IMP). The IETF has committed to producing an interoperable standard for these services compliant to the requirements for IM outlined in RFC 2779 (including the security and privacy requirements there) and in the Common Profile for Instant Messaging (CPIM) specification, developed within the IMPP working group. As the most common services for which SIP is used share quite a bit in common with IMP, the adaptation of SIP to IMP seems a natural choice given the widespread support for (and relative maturity of) the SIP standard. This group has completed the majority of its primary goals and will focus on the remaining tasks documented here and concluding. Any proposed new work will require a recharter. The primary remaining work of this group will be to complete: 1. The MSRP proposed standard mechanism for transporting sessions of messages initiated using the SIP, compliant to the requirments of RFC 2779, CPIM and BCP 41. 2. The XCAP framework for representing and carrying configuration and policy information in SIMPLE systems. 3. A mechanism for representing partial changes (patches) to XML documents and extensions to the SIMPLE publication and notification mechanisms to convey these partial changes. 4. A mechanism for initiating and managing Instant Message group chat. 5. An annotated overview of the SIMPLE protocol definition documents. Any SIP extensions proposed in the course of this development will, after a last call process, be transferred to the SIP WG for consideration as formal SIP extensions. Any mechanisms created for managing Instant Message group chat are intended to provide a bridge to the conferencing protocols that will be defined in XCON. They will be limited in scope to address only simple Instant Message chat with nicknames and will not attempt to address complex conferencing concepts such as sidebars. Their design must anticipate operating in conjunction with the conferencing protocols XCON is working towards. The working group will work within the framework for presence and IM described in RFC 2778. The extensions it defines must also be compliant with the SIP processes for extensions. The group cannot modify baseline SIP behavior or define a new version of SIP for IM and presence. If the group determines that any capabilities requiring an extension to SIP are needed, the group will seek to define such extensions within the SIP working group, and then use them here. Goals and Milestones: Done Submit revised SASL (+ EXTERNAL) I-D Done Submit revised SASL ANONYMOUS I-D Done Submit revised SASL PLAIN I-D Done Submit revised SASL CRAM-MD5 I-D Done Submit revised SASL DIGEST-MD5 I-D Done Submit revised SASL GSSAPI I-D Done Submit SASL (+ EXTERNAL) to the IESG for consideration as a Proposed Standard Done Submit GSSAPI to IESG for consideration as a Proposed Standard Sep 2006 Submit GS2 to IESG for consideration as a Proposed Standard Sep 2006 Submit CRAM-MD5 to IESG for consideration as a Proposed Standard Oct 2006 Submit DIGEST-MD5 to IESG for consideration as a Proposed Standard Oct 2006 Provide implementation report plan (with milestones) Nov 2006 Revise charter or conclude Internet-Drafts: Posted Revised I-D Title ------ ------- -------------------------------------------- Feb 2006 Oct 2007 Using GSS-API Mechanisms in SASL: The GS2 Mechanism Family Sep 2007 Sep 2007 Moving DIGEST-MD5 to Historic Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC4013Standard Mar 2005 SASLprep: Stringprep profile for user names and passwords RFC4422 PS Jun 2006 Simple Authentication and Security Layer (SASL) RFC4505 PS Jun 2006 Anonymous Simple Authentication and Security Layer (SASL) Mechanism RFC4616 PS Aug 2006 The PLAIN Simple Authentication and Security Layer (SASL) Mechanism RFC4752 PS Nov 2006 The Kerberos V5 (